Life services network 2011 presentation


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Life services network 2011 presentation

  1. 1. Life Services Network 2011 Annual Meeting March 23 – 25Health Care Regulatory Exposures: An Evolving Landscape Katherine M. Keefe Chair, Health Care Practice Dilworth Paxson LLP Christopher M. Breck, CIC, ARM Managing Director of Healthcare Alper Services, LLC Sharon M. Livas Sr. Vice President – Healthcare Alper Services, LLC
  2. 2. Health Care Regulatory Exposures: An Evolving Landscape Illinois Workers Compensation Reform Christopher M. Breck, CIC, ARM Managing Director of Healthcare Alper Services, LLC Sharon M. Livas Sr. Vice President – Healthcare Alper Services, LLC
  3. 3. IllinoisTalks of Workers’ Compensation Reform
  4. 4. IllinoisTalks of Workers’ Compensation Reform Stakeholders  Dr’s  Business  Labor  Lawyers  Workers  Politicians
  5. 5. IllinoisTalks of Workers’ Compensation ReformMost Expensive Change in RankStates 2008 vs. 2010 Montana 2-1 Alaska 1- 2 Illinois 10 -3 Oklahoma 9-4 California 13 - 5 Connecticut 20 - 6 New Jersey 16 - 7
  6. 6. IllinoisTalks of Workers’ Compensation ReformCurrent Causation Accident need only be a causative factor May be based on a sequence of events without medical testimony Aggravation of pre-existing condition
  7. 7. IllinoisTalks of Workers’ Compensation ReformProposed Causation Change work related condition to be “caused” by work as PRIMARY factor Current indefensible standard allowing work to be “a” cause not “the” cause.
  8. 8. IllinoisTalks of Workers’ Compensation ReformCurrent Choice of Medical Care Employee has choice of up to 2 treating physicians and referralsProposed Choices for Medical Care 1st choice to Employer; 2nd choice to Employee
  9. 9. IllinoisTalks of Workers’ Compensation ReformCurrent AMA Standards Not applied in IL  38 states recognize guidelinesProposed AMA Standards Require objective findings of disability based on AMA guidelines
  10. 10. IllinoisTalks of Workers’ Compensation ReformCurrent Wage Differential Lifetime benefit requires physical rather than economic change Unlimited Number of awards Based on Maximum state average weekly wage
  11. 11. IllinoisTalks of Workers’ Compensation ReformProposed Wage Differential Cap until Age 67 or 5 years post injury Allow modification based on a material increase in earnings Cap benefit at max PPD rate
  12. 12. Illinois Talks of Workers’ Compensation ReformCurrent Intoxication Defense There is none
  13. 13. Illinois Talks of Workers’ Compensation ReformProposed Intoxication Defense Create rebuttable presumption that there will be NO benefits if alcohol level is . 08 or above or any other illegal substance OR refuses testing
  14. 14. Illinois Talks of Workers’ Compensation ReformCurrent Fee Schedule Medical Fee Schedule 2nd highest in the country (WCRI)
  15. 15. Illinois Talks of Workers’ Compensation ReformProposed Schedule Reduce 15-20% Provide reimbursement for out of state procedures, treatments and supplies Cap reimbursements for Implants at cost plus of 25%
  17. 17. IllinoisTalks of Workers’ Compensation Reform How does IL rank in costs? If my blood alcohol is .06, will my Work Comp clam be paid? What year were the last reforms made to the system?
  18. 18. IllinoisTalks of Workers’ Compensation Reform Why have medical costs increased faster in workers compensation vs. health plans? What can you personally do to help reforms be adopted in Illinois?
  19. 19. Health Care Regulatory Exposures: An Evolving Landscape Enforcement Overview Specific areas of regulatory risk Acquired conditions RAC Privacy Excluded Individuals Compliance Programs
  20. 20. I. Enforcement Overview
  21. 21. Overview of the Health Care Industry: Enforcement Agencies HHS Centers for Medicare & Medicaid Services (CMS) Food and Drug Administration (FDA) Office of Inspector General (OIG) Department of Justice (DOJ) Federal Bureau of Investigation (FBI) HHS Office of Civil Right (OCR) State Attorneys General Private Litigants
  22. 22. Centers for Medicare & Medicaid Services (CMS) Within HHS, administers Medicare, Medicaid, State Childrens Health Insurance Program (SCHIP), HIPAA (transactions) CLIA, other programs 90 million beneficiaries $650 billion budget "Stewards accountable for resources and effectiveness"
  23. 23. Office of Inspector General (OIG) OIG mandated by law to protect integrity of HHS programs, and health and welfare of program beneficiaries OIG responsible to report to Secretary of HHS and Congress problems and recommendations OIG duties carried out through a nationwide network of audits, investigations and inspections
  24. 24. OIG Initiatives Annual work plans Self-disclosure protocol  Recently refined  Good faith disclosures  Imposes Corporate Integrity/Compliance Agreements Compliance Program Guidance  Provider-specific (i.e., hospital, home health, lab, DME)  Nursing facility guidance
  25. 25. OIG 2011 Work Plan Senior services focus includes:  Nursing home payment and oversight  Assessment of atypical antipsychotic drugs  Nursing home resident hospitalizations  Criminal background checks for nursing home employees  Emergency preparedness
  26. 26. FALSE CLAIMS ACT 31 U.S.C. §§ 3729-2733 imposes civil liability against a person or entity that:  Knowingly (can be shown by reckless disregard for the truth)  Presents a false claim for payment, or  Uses a false record or statement to get a claim paid or approved, or causes a third party to do either of above Treble damage award Additional penalty for each claim between $5,000 and $11,000.
  27. 27. FCA Whistleblower ("Qui Tam") Provisions Private citizen whistleblower ("relator") files action and submits to U.S. Attorney for review Government investigates and decides whether to intervene If government does not intervene, relator may pursue action on his/her own, in the shoes of the government. Relator may receive  up to 25% of award if government intervenes  30% if government does not intervene and relator pursues
  28. 28. Majority of False Claim Actions Come from Whistleblowers Whistleblowers are everywhere From lower level employees to professionals or executive employees
  29. 29. Computation of FCA Judgment $334 million judgment (3/07) against AmeriGroup health plan  Illinois hired Amerigroup to administer Medicaid managed care program  Amerigroup alleged to have avoided pregnant women and others with expensive health conditions  False Claims Action  Whistleblower was former head of government relations; received between 15% and 25% of award.  Judgment Total: Jury award: $48 million in damages, trebled (x3) = $144 million, judge assessed penalty of $10,500 on each of 18,130 claims = $190,365,000 TOTAL: $334 million.  Other costs – employee time and lawyers fees
  30. 30. Social Security Act Relevant Provisions 42 U.S.C. § 1320a-7: Exclusion of individuals and entities from participation in Medicare and State health care programs 42 U.S.C. § 1320a-7a: Civil monetary penalties 42 U.S.C. § 1320a-7b: Criminal penalties for action involving Federal health care programs
  31. 31. Anti-Kickback Statute (criminal) Knowingly and willfully  Offer, pay, solicit or receive  Any remuneration (in cash or in kind)  To induce (or, in exchange for)  The purchasing, ordering, or recommending of any good or service reimbursable by the Medicare, Medicaid or other federally funded health care programs  Penalties: up to 5 years imprisonment, $25,000 fine, or both
  32. 32. Stark Law (civil) Physician (including immediate family members) with a financial relationship with an entity, may not refer Medicare or Medicaid patient to that entity, and entity may not bill for "designated health services." Penalties include refunding improper claims and CMPs of up to $15,000 per claim Designated Health Services:  Lab -Parenteral, enteral nutrition  PT -Prosthetics, orthotics  OT -Home health services, supplies  Radiology -Outpatient drugs  Radiation therapy -Inpt/Outpt hospital services  DME
  33. 33. Health Care Reform – Patient Protection and Affordable Care Act (“PPACA”)  Oversight and enforcement increased, including:  Fraud enforcement funding: additional $10 million yearly for years 2011 - 2020; $250 million over years 2011 - 2016  Subpoena and testimony powers expanded for HHS and OIG  Medicaid exclusions expanded: states must terminate provider excluded by Medicare or another state;  Medicaid exclusion for failure to repay overpayments
  34. 34. PPACA Expansion ofOversight and Enforcement Anti-Kickback intention standard eased; Stark self-disclosure expectations increased Provider enrollment: program participation screenings depending on “low”, “moderate” or “high” risk levels
  35. 35. II. Exposure: Acquired Conditions Payment Rules
  36. 36. Emergence of "Value Based Purchasing" Current Medicare payment system: consumption and quantity of care Center of Medicare and Medicaid Services (CMS)  transforming Medicare from passive to active purchaser Goal: increase quality, avoid unnecessary costs VBP drivers: Congress, MedPAC and IOM reports, private sector Medicare Trust Fund solvency
  37. 37. Emergence of “Value-Based Purchasing” Value-Based Purchasing Initiatives  Hospital Pay for Reporting  Hospital VBP Plan  VBP Nursing Home Demonstration  VBP programs will affect home health, physicians & other providers Against VBP backdrop, HAC rules emerged
  38. 38. Legal Basis of HAC Payment Rules Deficit Reduction Act of 2005, Section 5001(c) Required CMS to select at least two conditions:  High cost, high volume, or both  Assigned to higher-paying DRG if present as secondary diagnosis  Reasonably prevented through using evidence- based guidelines
  39. 39. Legal Basis of HAC Payment Rules Deficit Reduction Act  October 1, 2007: Hospitals required to submit claims data indicating whether diagnoses are "present on admission"  October 1, 2008: No payment for care associated with Hospital Acquired Condition (“Never Event”) unless identified as present on admission Medicare hospital payment regulations specify Hospital Acquired Conditions and include "Never Events"
  40. 40. Initial Hospital Acquired Conditions, including "Never Events" Object left in body after surgery* Air embolism* Blood incompatibility* Catheter-associated urinary tract infection Decubitus ulcers Vascular catheter-associated infection* “Never Events”
  41. 41. Initial Hospital Acquired Conditions (cont.) Surgical site infection-mediastinitis after CABG Falls-specific trauma codes Extreme manifestations of poor glycemic control Surgical infection post certain orthopedic, bariatric surgeries DVT/PE post hip, knee replacement surgeries
  42. 42. Acquired Conditions and Health Reform: Medicare PPACA requires Secretary of HHS to study expansion of Medicare HAC regulations to  Rehab hospitals  Long-term acute care hospitals  Hospital outpatient departments  Skilled nursing facilities  Others Report due to Congress by January 1, 2012 Impact on quality, safety and cost of care
  43. 43. Acquired Conditions and Health Reform: Medicaid By July 1, 2011, PPACA requires state Medicaid programs to ensure that Medicaid payments are not made for conditions covered by Medicare HAC policy Certain Medicare HACs may be excluded if inapplicable to Medicaid populations February 17, 2011 proposed regulations  “Provider-Preventable Conditions,” “Other Provider- Preventable Conditions”  Could have reasonably been prevented through application of evidence-based guidelines  Not limited to inpatient hospital settings
  44. 44. III. Exposure: Recovery Audit Contractor (RAC) Program
  45. 45. The RAC Program: Background Congressional Authority Medicare Prescription Drug Improvement and Modernization Act of 2003  Directed establishment of demonstration program Tax Relief and Health Care Act of 2006  Expanded claims RAC nationwide in 2010
  46. 46. The RAC Program: Key Features To identify improper payments made on claims for health care services provided to Medicare beneficiaries RAC Program is separate from/addition to existing processes for identifying overpayments by Medicare Affiliated Contractors (MACs)
  47. 47. The RAC Program: Key Features Two types of RACs  Medicare Secondary Payer (MSP) RACs  Claims RACs Affected providers include physicians, hospitals, SNFs, inpatient rehab, clinical labs, DME Medicare Advantage and Part D claims excluded from RAC review RACs receive contingency payments
  48. 48. RAC Program: Key Features RAC Review Process  RAC review of claims data files  Look-back period—Was 4 years in demonstration, now 3 years  RACs may not review claims already reviewed, ongoing post-payment medical review claims, claims under fraud, criminal investigations  Automated and Complex claims reviews
  49. 49. RAC Collection / Appeal Process Collection same as for Medicare contractor – identified overpayments Recoupment via offset unless provider submits check or valid appeal Appeal timeframes MedicareAppealsProcess.pdf
  50. 50. Medicaid RAC Program PPACA requires states to contract with one or more RACS by December 31, 2010 (postponed) November 10, 2010 proposed regulations; new implementation date with final regulations State plan amendments due December 31, 2010 Contingency fee payments (like Medicare RACS) State may use current Medicaid appeals process for RAC appeals State variations likely – look-back periods, types of claims reviewed
  51. 51. IV. Exposure: Health Information Privacy & Security
  52. 52. HIPAA Basics HIPAA applies to Covered Entities "Covered Entities"  Health care providers who transmit electronic standard transactions  Health plans, including employer sponsored health benefits plans  Health care clearinghouses: entities that process electronic data formats
  53. 53. HIPAA Basics HIPAA also regulates "Business Associates" (effective February 17, 2010) A Business Associate performs functions or activities on behalf of a Covered Entity and uses or accesses PHI to do so. Business Associate functions include management, administrative, legal, actuarial, accounting and consulting Business Associate Agreement required between Covered Entity and Business Associate
  54. 54. HIPAA Privacy Rule Basics Basic Rule  No use or disclosure of PHI by Covered Entities unless authorized by the individual or permitted by the Privacy Rule Permitted uses/disclosures include  For treatment, payment and health care operations purposes ("TPO")  To the patient  Specific exceptions list in the regulations
  55. 55. HIPAA Enforcement Basics HHS Office of Civil Rights ("OCR") enforces HIPAA privacy and security regulations Statutory civil monetary and criminal penalties for HIPAA violations No private right of action under HIPAA, however State Attorneys General now authorized to bring suit, in addition to U.S. Attorneys OIG Work Plan targets hospital security controls for PHI on portable devices, privacy and breach response compliance
  56. 56. HIPAA Enforcement Resolution Agreements: (Providence Health, CVS/Caremark, Mass General) HIPAA prosecutions  Criminal cases involving the use/disclosure of PHI for personal gain (Gibson, Ferrer and Machado, Ramirez)  Criminal cases involving inappropriate access to PHI (Zhou, Holland, Miller and Griffen)  HITECH clarified that individuals may be prosecuted
  57. 57. HIPAA Updated by HITECH American Recovery and Reinvestment Act of 2009, February 17, 2009 (ARRA) Title XIII, Health Information Technology for Economic and Clinical Health Act (HITECH)  Bureaucracy for national EHR infrastructure to set EHR standards, administer EHR stimulus funding  Medicare and Medicaid reimbursement methods to incent EHR adoption  New HIPAA privacy and security requirements
  58. 58. HITECH: New Federal breach notification requirements Prior to HITECH, covered entities were not required to notify patients of breaches of PHI, unless required by state law HITECH breach regulations 45 C.F.R. 164.400-414 Effective 9/23/09, covered entities must notify patients whose unsecured PHI has been breached HIPAA business associate must notify covered entity when unsecured PHI has been breached
  59. 59. Illinois Personal Information Protection Act Notice to IL residents of unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of personal information Personal information: first initial or name/last name with SSN# or driver’s license #/state ID # or account/credit/debit card # with or without access code Notice must be made in the “most expedient time possible” and “without unreasonable delay”
  60. 60. "Breach" under HITECH Not all impermissible uses or disclosures are breaches "Breach" = unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of the information "Compromises" = poses a significant risk of financial, reputational or other harm to the individual
  61. 61. Breach risk assessment Must be performed in order to determine whether there is a significant risk of harm Must be documented, as covered entitys (and business associates) burden of proof includes demonstrating that a use or disclosure was not a breach
  62. 62. Breach risk assessment under HITECH Data files containing  Patient names  Patient names and social security numbers  Patient names in files labeled "CHF“  Health plan identification numbers  Claims information including procedure codes
  63. 63. Breach investigations and Business Associates HITECH requires  BA to notify CE of breach of unsecured PHI  Notice shall include, to extent possible, identification of each individual affected  BA to provide CE with any other available information that CE is required to include in individual notice  Notice must be provided without unreasonable delay and in no case later that 60 days after discovery of breach
  64. 64. HITECH Breach Notice Requirements Individual Notice To each individual whose unsecured PHI has been breached If 10 or more individuals for whom there is insufficient contact information, substitute notice required  Conspicuous website posting for 90 days  Notice in major print or broadcast media  Toll-free number active for 90 days To next of kin or personal representative of deceased individuals, if address known
  65. 65. HITECH Breach Notice Requirements Individual Notice "Without unreasonable delay," but no later than 60 days after discovery of breach In writing, by first class mail, unless individual as agreed in advance to email communications By telephone, if possibility of imminent misuse of PHI Law enforcement delay: Upon written or oral statement by law enforcement official that notice or posting would impede investigation
  66. 66. Content of Individual Notice Description of what happened, date of discovery Types of PHI involved Steps individual can take to protect from potential harm Description of what health plan is doing to investigate, mitigate losses and protect against further breaches Contact for questions, including a toll-free phone number
  67. 67. HITECH Breach Notice Requirements Notice to the media  Breach involving more than 500 residents of a state or jurisdiction  Prominent media outlets serving the state or jurisdiction  Same content and timing requirements as for individual notice  Press release indicated by OCR as expected form of media notice
  68. 68. HITECH Breach Notice Requirements Notice to the Secretary  If breach involves 500 or more individuals, notice to be provided contemporaneously with individual notice  If breach involves fewer than 500 individuals, log must be maintained and reported annually not later than 60 days after end of each calendar year Forreports of 500 or more, expect indication of further follow-up by OCR
  69. 69. Additional requirements Policies and procedures for compliance with HITECH breach notice requirements Training workforce regarding breach policies and procedures Sanctions for non-compliance
  70. 70. Breach response realities Have ready to go  Data breach reporting policies and procedures, consistent with HIPAA policies and training requirements  Data breach response policy, pre-selected response team  Risk assessment documentation template  Template notice letter  Data breach liability policy?
  71. 71. V. Exposure: Excluded Individuals
  72. 72. Excluded Individuals Bases for exclusion from Medicare or Medicaid program participation  Sexual assault  Patient abuse  Failure to repay HEAL loans  Criminal convictions related to program  Criminal convictions related to controlled substances  Licensure issues
  73. 73. Excluded Individuals No Medicare, Medicaid or any other Federal health care program payment may be made for items or services (1) furnished by an excluded individual, or (2) directed or prescribed by an excluded physician (itemized claims, cost reports, fee schedules or PPS payments) Civil monetary penalties (CMPs) may be imposed for submission of improper claims, including claims submitted by an excluded individual
  74. 74. Excluded Individuals OIG Special Advisory Bulletin  Prohibition extends to administration and management services not directly related to patient care  Prohibition continues to apply even if individual changes health professions while excluded  No Federal program payment may be made to cover individual’s salary, expenses or benefits regardless of whether direct patient care is provided
  75. 75. Excluded Individuals OIG Special Advisory Bulletin  To avoid CMP liability, check OIG List of Excluded Individuals/Entities prior to hiring or contracting and periodically  Check Excluded Parties List System (maintained by the GSA) also  State Medicaid list
  76. 76. Compliance Programs – Today Voluntary OIG Compliance Guidance for Nursing Facilities (2000; Supplemental guidance 2008)  Quality Care (staffing, training)  Accurate claims (upcoding, therapy services, excluded individuals, anti-kickback  Involvement of board of directors and senior officers  Annual reviews  Self-reporting
  77. 77. Compliance Programs – Soon Mandatory PPACA Section 6102  Medicare SNFs and Medicaid NFs must have compliance and ethics program with 3 years of PPACA enactment  HHS and OIG to establish regulations  Organizations with 5 or more facilities must have more formal program with written policies and procedures
  78. 78. Compliance Programs – Soon Mandatory SNF/NF compliance program – reasonably designed, implemented and enforced to be generally effective in preventing and detecting civil criminal and administrative violations, as well as promoting quality of care Required components  Compliance procedures to guide employees  Assigned compliance responsibilities to senior individuals within operating organizations
  79. 79. Compliance Programs – Soon Mandatory Required components (cont.)  Restriction of at-risk individuals from involvement with compliance responsibilities  Effective communications  Auditing and monitoring  Appropriate disciplinary measures, including for failing to detect offenses  Appropriate response mechanisms
  80. 80. Questions???